Is this a mailbot or is this normal?

Richard G

Once in a while I check if I don't have any odd mail bots (from hackers) running on my servers.

I do this by using for example the command:
Code:
lsof -i :25
Normally this only shows 1 Exim (I'm only running IPv4 on the servers).
Code:
exim     1017 mail    4u  IPv4  500744207      0t0  TCP *:smtp (LISTEN)

But on one server I've got another one now, but don't know if this is safe or where it's coming from:
Code:
exim    30129 mail    8u  IPv4 1034991304      0t0  TCP server.serverdomain.nl:58806->104.24.104.142:smtp (SYN_SENT)
So I had a look, and the 104 IP is from Cloudflare.

This only shows for a certain amount of time and then it disappears.

As admins, we don't use Cloudflare DNS. We do have MediaCP running (for radio streams).

Does anybody have a clue what this is, and whether this can be trusted or is odd?
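
An added example, not part of the original post: a Python script that sorts `lsof -i :25` output into listeners, outbound and inbound connections, and flags any process other than the expected MTA. The `EXPECTED_MTA` set and the third sample line (a `perl` process connecting to the documentation address 192.0.2.25) are assumptions constructed for illustration; the first two sample lines are the ones quoted in the post.

```python
SMTP_PORTS = {"smtp", "25"}
EXPECTED_MTA = {"exim"}  # assumption: Exim is the only legitimate MTA here

# Lines 1-2 are quoted from the post; line 3 is constructed for illustration.
SAMPLE = """\
exim     1017 mail    4u  IPv4  500744207      0t0  TCP *:smtp (LISTEN)
exim    30129 mail    8u  IPv4 1034991304      0t0  TCP server.serverdomain.nl:58806->104.24.104.142:smtp (SYN_SENT)
perl     4242 www     3u  IPv4  777000111      0t0  TCP server.serverdomain.nl:40112->192.0.2.25:smtp (ESTABLISHED)
"""


def split_hostport(endpoint):
    """Split 'host:port' on the last colon so bracketed IPv6 hosts survive."""
    host, _, port = endpoint.rpartition(":")
    return host, port


def parse_line(line):
    """Return a dict for one lsof socket line, or None for headers/blank lines."""
    parts = line.split()
    if len(parts) < 9 or parts[0] == "COMMAND":
        return None
    local, _, remote = parts[8].partition("->")
    _, local_port = split_hostport(local)
    remote_host, remote_port = split_hostport(remote) if remote else ("", "")
    state = parts[9].strip("()") if len(parts) > 9 else ""
    if state == "LISTEN":
        direction = "listen"
    elif remote_port in SMTP_PORTS and local_port not in SMTP_PORTS:
        direction = "outbound"   # this host is the SMTP client
    elif local_port in SMTP_PORTS:
        direction = "inbound"    # a remote client connected to our port 25
    else:
        direction = "other"
    return {"command": parts[0], "pid": int(parts[1]), "user": parts[2],
            "direction": direction, "remote": remote_host, "state": state,
            "unexpected": parts[0] not in EXPECTED_MTA}


def review(text):
    """Parse every socket line in lsof output."""
    return [r for r in map(parse_line, text.splitlines()) if r]


if __name__ == "__main__":
    for r in review(SAMPLE):
        flag = "CHECK" if r["unexpected"] else "ok"
        print(f'{flag:5} {r["command"]}[{r["pid"]}] {r["user"]} '
              f'{r["direction"]} {r["remote"]} {r["state"]}')
```

Running lsof as `lsof -n -P -i :25` prints numeric addresses and ports instead of names, which the `SMTP_PORTS` set also accepts.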
 